<?php

require_once 'db/db.php';

function addUser( $userName, $pass, $email ) {
  try {
    $db = openDbConn();

    // validate for spaces and stuff like that
    $user = $db->quote($userName);
    $pass = $db->quote($pass);
    $email = $db->quote($email);

    $db->exec("INSERT INTO user (name, pass, mail) 
                  VALUES ($user, $pass, $email);");
    // XXX needs to be cleaned up. I'm lazy and tired, bad time to code
    $uid = $db->quote($db->lastInsertId());
    // should use prepared statements?
    $db->exec("INSERT INTO perms (uid, perm) 
                 VALUES ($uid, 'post.edit.$userName');
               INSERT INTO perms (uid, perm) 
                 VALUES ($uid, 'post.reply.$userName') ;");

  } catch ( PDOException $e ) {
    print "ERROR: " . $e->getMessage() . "<br />";
    die();
  }
}

// string -> bool
function setPerm( $uid, $perm ) {
  try {
    $db = openDbConn();   

    $uid = $db->quote( $uid );
    $permSearch = $db->quote( $perm . '%' );
    $perm = $db->quote( $perm );

    $db->exec("DELETE FROM perms WHERE perm LIKE $permSearch;
               INSERT INTO perms (uid, perm) VALUES ( $uid, $perm )");
   } catch ( PDOException $e ) {
      print "ERROR: " . $e->getMessage() . "<br />";
      die();
    }
}

?>
